DEV Community

Cover image for POSTMAN please let me in
Surapat Mekvanich
Surapat Mekvanich

Posted on

POSTMAN please let me in

Hi again,

While dabbling with ruby on rails and learning authentication and implementing it I realized that I often log myself out because of the session controller having requiring authenticate to be able to view my backend. To be fair, you can implement this after.

Also, I didn't have a frontend built yet so you can't use the form to fire a POST request to backend to authenticate you in. Even so, without a fully built front end you won't be able to see much even authorized...

Introducing, POSTMAN. Your friendly neighborhood (spacian) s/he who fires fetch calls on your behalf. Simply identify the nature of your call (GET/POST/PATCH/PUT/DELETE) and your destination (endpoint). Any backend developers best friends. You can test your backend without your frontend being built by having a sessions controller.

Here's mine in sessions_controller.rb

    def login
        user = User.find_by(email: params[:email])
        if user&.authenticate(params[:password])
            session[:user_id] = 
            render json: user, status: 200
Enter fullscreen mode Exit fullscreen mode

This will search your backend for users by their email (you can do it by username too if you'd like) and authenticate by their password. Then, putting user in their session (and granting access to wherever they are allowed). Don't forget to set the status code as well!

      post '/login', to: 'sessions#login'
Enter fullscreen mode Exit fullscreen mode

Also don't forget this in your config/routes.rb. This creates a route in yourlocalhost:someNumber/login. How else would you know where to tell your POSTMAN where to fire?

Now that our routes and controller are set up we can now ask our POSTMAN to fetch the backend data for us!

Image description

Here you have my local path which is 'localhost:3000/login' which is a POST request to /login which should authenticate me into my session if my email and password are matched.

Image description

Of course, it wouldn't work... who uses that kind of password. Never share your password online. Anyways, it threw this error because I had this in the application controllers to catch any errors in the backend side.

    def authorized_user  
        return render json: { error: "Not authorized" }, status: 
        :unauthorized unless current_user
Enter fullscreen mode Exit fullscreen mode

current_user being an instance method where it searches that the user is currently in session (after being authenticated)

Image description

Now, after successfully login in my backend returns the information about the user.
I also hope that your eye catches the key:password_digest

password_digest comes with the installation of the bcrypt gem. It salts (encrypts) your password. Only your backend will have the key to decrypt it! And also, it won't allow others to see it even if they can access your backend.

Simply go into your gemfile and add

gem 'bcrypt' # you can also specify a specific version you'd like

Anyways, back on track with the POSTMAN. Now that we are logged in I can view some of the data that I have set up with other controllers.

Well, sorry if you were expecting to see some JSON data from my backend. It's still under construction. But here's how you can log off using POSTMAN.

    def logout
        session.delete :user_id
        head :no_content
Enter fullscreen mode Exit fullscreen mode

Also make sure you have this custom route in config/routes.rb

      delete '/logout', to: 'sessions#logout'
Enter fullscreen mode Exit fullscreen mode

Now simply fire your POSTMAN (and no please don't relieve him of his duty, what would the backend devs do..)

Image description

Yeah I know it doesn't spit you out anything because I haven't set any message when the user session is destroyed. Sorry I code like a snail.

I hope this was useful to you all whom are new to developing authentication and needed a way to peek inside via POSTMAN.

Happy Coding!

Latest comments (0)